Details:
To support sending larger and more expressive queries to the Saved Objects find
API, we added a POST endpoint for find and therefore needed a way to disambiguate
the find API from from the POST API used to create Saved Objects.

Impact:
Starting in Kibana 6.3, endpoints that are not simple CRUD operations on a single
object will be named and their name will start with an underscore. For example,
Elasticsearch GET /api/saved_objects is now GET /api/saved_objects/_find,
GET /api/saved_objects/{type} is now GET /api/saved_objects/_find?type={type},
and GET /api/saved_objects/bulk_get is now GET /api/saved_objects/_bulk_get.

Details:
With the imminent removal of types in Elasticsearch, we have updated our index to not rely on types. Kibana 5.6.x can support both of these mappings to minimize downtime. A new UI is provided with X-Pack to assist with the migration of the Elastic stack.

Impact:

Types have been removed from the .kibana index. You will need migrate your Kibana index either manually, or through the Upgrade Assistant in X-Pack.

Upon upgrade of a typical deployment with indices created on a regular basis (e.g. coming from Logstash) to 6.0, new indices will have to include only a single _type. If you have multiple different values for _type in a single index, we recommend to move _type to another field or separate the different types of documents into different indices. Any dashboards relying on filtering and aggregating on _type will continue to work, but will not show any meaningful data. Users will need to update dashboards to rely on aggregating and filtering on the new field, instead of _type, if they want to leverage that information going forward.

Details: Setting the NODE_ENV environment variable can break Kibana processes in unexpected ways, which is especially unfortunate since it is a common environment variable to have configured on a system, and you wouldn’t expect it to break anything in Kibana. Kibana will now effectively ignore NODE_ENV entirely.

Impact: If you’re developing a custom plugin that depends on NODE_ENV, you will need to update it to use a different, custom environment variable.

Kibana 4.x configuration names using _ instead of . have been removededit

Details: In Kibana 4.2, we renamed all configuration names in kibana.yml to use . as a separator instead of _, though the legacy configurations would still continue to work. In 5.0, we started logging deprecation notices whenever the legacy configurations were encountered. In 6.0 onward, legacy configuration names that use an underscore instead of a dot will no longer work.

Impact: Any usages of underscore separated configuration names in kibana.yml need to be updated to their modern equivalents. See Configuring Kibana for accepted configurations.

Details: Starting in Kibana 6.0.0 we removed the ability to create index patterns that use a date-pattern and interval to identify Elasticsearch indices. Index patterns must now use wildcards which are more performant in most cases.

Impact: Existing index patterns and saved objects will continue to function without issue, and in a subsequent release we will provide utilities to migrate your index patterns/saved objects.

Details: Since 4.3, index patterns could be configured to do a pre-flight field_stats request before a search in order to determine exact indices that could contain matching documents. Elasticsearch now optimizes searches internally in a similar way and has also removed the field_stats API, so this option was removed from Kibana entirely.

Impact: No change is required for existing Kibana index patterns. Those previously configured with this option will gracefully use the new Elasticsearch optimizations instead, as will all new index patterns.

When X-Pack security is enabled, reports will only be accessible to the user that created them.

When X-Pack security is enabled, user authorization is controlled by the
xpack.reporting.roles.allow setting in the kibana.yml which defaults to
['reporting_user']. Users will no longer have access to the underlying X-Pack reporting
indices in Elasticsearch when assigned to the built-in reporting_user role. If using
custom reporting roles, the privileges to the indices will need to be removed, and the
role will need to be added to the xpack-reporting.roles.allow setting.